[config] move config of the secret used to encrypt session's data ID in pyramid.ini (closes #11689082)
author David Douard <david.douard@logilab.fr>
Mon, 29 Feb 2016 16:16:33 +0100
changeset 11606 e245680acce3
parent 11605 2bf1eabb2bbd
child 11607 5b36399b6b21
[config] move config of the secret used to encrypt session's data ID in pyramid.ini (closes #11689082)

Introduce a new config entry (in pyramid.ini) for this (cubicweb.session.secret) to replace the (now deprecated) pyramid-session-secret (in all-in-one.conf).

So we have now 3 secrets to configure:

- cubicweb.session.secret: to encrypt session's data ID stored in a cookie,
- cubicweb.auth.authtkt.session.secret: to encrypt auth cookie
- cubicweb.auth.authtkt.persistent.secret: to encrypt persistent session auth cookie
pyramid_cubicweb/session.py
pyramid_cubicweb/tests/__init__.py
--- a/pyramid_cubicweb/session.py	Mon Mar 07 10:47:11 2016 +0100
+++ b/pyramid_cubicweb/session.py	Mon Feb 29 16:16:33 2016 +0100
@@ -144,7 +144,15 @@
 
     See also :ref:`defaults_module`
     """
-    secret = config.registry['cubicweb.config']['pyramid-session-secret']
+    settings = config.registry.settings
+    secret = settings.get('cubicweb.session.secret', '')
+    if not secret:
+        secret = config.registry['cubicweb.config'].get('pyramid-session-secret')
+        warnings.warn('''
+        Please migrate pyramid-session-secret from
+        all-in-one.conf to cubicweb.session.secret config entry in
+        your pyramid.ini file.
+        ''')
     if not secret:
         secret = 'notsosecret'
         warnings.warn('''
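Review bot: the migration warning in the new `if not secret:` branch fires whenever cubicweb.session.secret is unset, including when pyramid-session-secret is also missing from all-in-one.conf, so an instance with neither key is told to migrate a value it never had, immediately before the static-key warning. Emit the migration message only when the legacy `.get('pyramid-session-secret')` lookup returns a non-empty value, and give it an explicit warning category so operators can filter the deprecation notice separately from the 'notsosecret' alert. The triple-quoted text also carries its leading newline and source indentation into the emitted message; a dedented single-line string would read better in logs.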
@@ -152,8 +160,8 @@
             !! WARNING !! !! WARNING !!
 
             The session cookies are signed with a static secret key.
-            To put your own secret key, edit your all-in-one.conf file
-            and set the 'pyramid-session-secret' key.
+            To put your own secret key, edit your pyramid.ini file
+            and set the 'cubicweb.session.secret' key.
 
             YOU SHOULD STOP THIS INSTANCE unless your really know what you
             are doing !!
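Review bot: the warning text says the session cookies are "signed", while the commit message describes cubicweb.session.secret as the secret used to "encrypt" the session's data ID; since this message is being edited anyway, align the wording with what the secret actually protects so operators do not misjudge the exposure of running with the static key. The unchanged line "unless your really know what you" has a typo ("your" for "you") that could be fixed in the same change. It would also help to mention that pyramid-session-secret in all-in-one.conf is still honoured as a deprecated fallback, because the message now reads as if pyramid.ini is the only place the key can come from.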
--- a/pyramid_cubicweb/tests/__init__.py	Mon Mar 07 10:47:11 2016 +0100
+++ b/pyramid_cubicweb/tests/__init__.py	Mon Feb 29 16:16:33 2016 +0100
@@ -13,8 +13,6 @@
         super(PyramidCWTest, cls).init_config(config)
         config.global_set_option('https-url', 'https://localhost.local/')
         config.global_set_option('anonymous-user', 'anon')
-        config['pyramid-auth-secret'] = 'authsecret'
-        config['pyramid-session-secret'] = 'sessionsecret'
         config.https_uiprops = None
         config.https_datadir_url = None
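Review bot: both `config['pyramid-auth-secret']` and `config['pyramid-session-secret']` are dropped from the test setup, but no replacement value for cubicweb.session.secret is set in the visible lines, so the test suite would run through the fallback path, emit both warnings, and sign with the static 'notsosecret' key. Set cubicweb.session.secret (and the authtkt secrets) in the test settings, and add a test that covers the deprecated path: legacy key present, new key absent, migration warning raised and the legacy value used. The removal of pyramid-auth-secret is not covered by the commit message, which only describes the session secret; either mention it there or split it into its own change.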